Topic: Vlan / HTPC / Cisco G200 no access (Read 2163 times)
ojessie
Newbie
Posts: 25
Karma: 1
Vlan / HTPC / Cisco G200 no access
«
on:
November 20, 2023, 02:54:48 pm »
Hi,
Sorry, I'm ashamed to ask because it should be so simple and straightforward, and I'm convinced the answer to my problem is mentioned several times in the forum. But obviously I don't have the knowledge yet to fix my problem.
For years I've been running my opnsense without any problem, flat structured. But as threats are increasing and with a bunch of IoT devices I thought it's time to improve and add some VLANs.
It's very straight forward set-up for a beginner ....
- standard LAN 192.168.1.1
- Vlan 192.168.100.1 assigned to the LAN
- vlan configured VID 100 including HTPC
- Cisco SG200 26 port GE8 configured VID 100
and no way to get this up and running. Any help is highly appreciated. As mentioned in the beginning, I don't even know if the problem is at Cisco or opnsense.
Thanks, any hint / help whatsoever is highly appreciated.
Logged
ojessie
Newbie
Posts: 25
Karma: 1
Re: Vlan / HTPC / Cisco G200 no access
«
Reply #1 on:
November 21, 2023, 11:15:39 am »
opnsense new flash ... starting from scratch ... I'm doing a fundamental failure. As before everything works, but no VLAN. Does anyone have an idea what I'm doing wrong?
Logged
ojessie
Newbie
Posts: 25
Karma: 1
Re: Vlan / HTPC / Cisco G200 no access
«
Reply #2 on:
November 21, 2023, 11:34:48 am »
Dumb question ... is it possible that my NICs are not supporting Vlan? I'm running opnsense on a relatively old ipfire hw. How is it possible to check?
Logged
cookiemonster
Hero Member
Posts: 1823
Karma: 95
Re: Vlan / HTPC / Cisco G200 no access
«
Reply #3 on:
November 21, 2023, 12:01:19 pm »
You have explained the setup but I'm not clear what the actual problem is.
In any case, this should perhaps help:
https://forum.opnsense.org/index.php?topic=36530.0
I went from a flat network to adding a vlan and it worked without problem, but with the help from this thread, I moved the setup from working-but-flawed to working-as-it-should.
Logged
ojessie
Newbie
Posts: 25
Karma: 1
Re: Vlan / HTPC / Cisco G200 no access
«
Reply #4 on:
November 21, 2023, 12:34:04 pm »
Highly appreciate your support!
Well the problem is that VLan is not working.
I followed your recommended thread but still the same.
Changed the default to 1001 and the tagged Vlan is 10. So on port GE 8 (see the picture) I'm getting the IP from my "standard" LAN 192.168.1.xx. When excluding the default 1001 from GE 8 I'm getting no connection to Vlan VID 10 / HDCP on OPS.
Any clue?
Logged
ojessie
Newbie
Posts: 25
Karma: 1
Re: Vlan / HTPC / Cisco G200 no access
«
Reply #5 on:
November 21, 2023, 12:35:58 pm »
...that's why I think, OPS is not publishing the Vlan to the switch
Logged
ojessie
Newbie
Posts: 25
Karma: 1
Re: Vlan / HTPC / Cisco G200 no access
«
Reply #6 on:
November 21, 2023, 12:48:29 pm »
the remarkable thing is, after a while, I'm getting the private IP 169.254.10.205/16 .... any clue?
Logged
ojessie
Newbie
Posts: 25
Karma: 1
Re: Vlan / HTPC / Cisco G200 no access
«
Reply #7 on:
November 21, 2023, 01:48:24 pm »
The NICs in my opnsense hw are Intel I210 ... so I believe that is not the problem
Logged
ojessie
Newbie
Posts: 25
Karma: 1
Re: Vlan / HTPC / Cisco G200 no access
«
Reply #8 on:
November 21, 2023, 02:37:32 pm »
I'm afraid, I think I'm heading in the totally wrong direction ... or the more I dig into Vlan the more confused I get.
Just read that end devices like a PC cannot handle / understand Vlan (tagged information on a switch)? Is this true?
Logged
cookiemonster
Hero Member
Posts: 1823
Karma: 95
Re: Vlan / HTPC / Cisco G200 no access
«
Reply #9 on:
November 21, 2023, 02:46:19 pm »
No, nothing to do with your nic. You are making the same mistake I was. You have a lan(em0) and a vlan on top of it(em0,tag:100). You don't have a trunk interface yet in OPN.
Let's say em0 will be the parent.
Then in assignments you need to create your VLANs on top of it: vlan02 entertainment is fine, if you're using 100. Tag on both ends obviously need to match.
But you need another for the packets not tagged 100 and they will be for now the rest of packets, but they also need to be tagged. The trunk from Cisco will need to tag them all. Right now Cisco is sending both 10 and 1001. I'm not familiar with Cisco as I use mikrotik so I'm guessing tags from your picture.
So you only need to assign as on that thread, the LAN "interface" to the em0 parent with the other tag.
You need to end up with no LAN assignment. Only tagged in "Network port" of the Interfaces > Assignments section of OPN, for those tagged packets from Cisco, not for the other interfaces. Just like Patrick's picture.
What is not obvious to visualise is that the physical port on OPN side is a trunk and the packets from the switch are ALL tagged. The physical port is not assigned by itself anymore, ONLY tagged interfaces on top of it.
Watch out, that you have a way to reset the switch in case you get locked out.
Logged
ojessie
Newbie
Posts: 25
Karma: 1
Re: Vlan / HTPC / Cisco G200 no access
«
Reply #10 on:
November 21, 2023, 03:03:59 pm »
Oh my goodness ;-) it's working!!! This is for all the beginners more or less on the same level as I am.
I believed the OPS is kind of broadcasting all Vlans in the network and on the access port you "just" have to specify which Vlan should get access. This is wrong.
What is working in my case, hopefully it's kind of right and secure: the port towards the OPS needs to be specified as trunk including all the Vlans which are used in this switch. On the "access" port where the PC is connected, this port needs to be configured with the unique Vlan ID and defined as access port.
Thanks @cookiemonster for your support ... next challenge is to get my Wlan AP with Tomato connected.
Logged
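Added example, not part of the original posts: a small Python model of switch port VLAN membership that reproduces the three states described in this thread (PC port left in the default VLAN, PC port tagged-only, and the working access-port-plus-trunk layout), using the thread's VLAN IDs 10 and 1001. The `Port` class, the `forward` helper and the rule that a port without a PVID drops untagged frames are assumptions of this model, not behaviour taken from the Cisco switch or OPNsense.

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Union

@dataclass
class Port:
    """One switch port in a constructed model of 802.1Q membership."""
    pvid: Optional[int] = None                       # VLAN given to untagged ingress frames
    untagged: Set[int] = field(default_factory=set)  # VLANs sent out without a tag
    tagged: Set[int] = field(default_factory=set)    # VLANs sent out with a tag

    def ingress(self, tag: Optional[int]) -> Optional[int]:
        """Classify a received frame into a VLAN; None means it is dropped."""
        if tag is None:
            return self.pvid  # assumption: no PVID -> untagged frame is dropped
        return tag if tag in self.tagged or tag in self.untagged else None

    def egress(self, vlan: int) -> Union[int, str, None]:
        """How a frame in `vlan` leaves: 'untagged', its tag, or None (not a member)."""
        if vlan in self.untagged:
            return "untagged"
        return vlan if vlan in self.tagged else None

def forward(src: Port, dst: Port, tag: Optional[int] = None):
    """A frame enters `src` carrying `tag` (None = untagged) and leaves via `dst`."""
    vlan = src.ingress(tag)
    return None if vlan is None else dst.egress(vlan)

# Constructed uplink ports towards the firewall.
mixed_uplink = Port(pvid=1001, untagged={1001}, tagged={10})  # LAN untagged + VLAN 10 tagged
trunk_uplink = Port(tagged={10, 1001})                         # every VLAN tagged

# Constructed variants of the port the PC is plugged into.
pc_in_default = Port(pvid=1001, untagged={1001}, tagged={10})  # still in default VLAN
pc_tagged_only = Port(tagged={10})                             # default VLAN excluded
pc_access = Port(pvid=10, untagged={10})                       # access port for VLAN 10

def scenarios():
    """Outcome of an untagged frame from the PC (and one reply) in each layout."""
    return {
        "default_vlan": forward(pc_in_default, mixed_uplink),    # ends up on the flat LAN
        "tagged_only": forward(pc_tagged_only, mixed_uplink),    # dropped, no DHCP answer
        "access_to_trunk": forward(pc_access, trunk_uplink),     # reaches firewall as tag 10
        "trunk_to_access": forward(trunk_uplink, pc_access, tag=10),  # PC sees a plain frame
    }
```

In this model the first two results correspond to the 192.168.1.xx lease and the 169.254.x.x self-assigned address reported earlier in the thread, and the last two to the working configuration.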
cookiemonster
Hero Member
Posts: 1823
Karma: 95
Re: Vlan / HTPC / Cisco G200 no access
«
Reply #11 on:
November 21, 2023, 03:15:24 pm »
sure, glad it is working.
Tomato AP should only need to be added to an access port and then all clients connected to it will get on that VLAN.
Logged
ojessie
Newbie
Posts: 25
Karma: 1
Re: Vlan / HTPC / Cisco G200 no access
«
Reply #12 on:
November 22, 2023, 07:39:15 am »
Hi, I'm not going for the simple things ;-) ... I'm running 4 SSID on Tomato. It's already working but I'm afraid the HW of my Asus N66 is not capable to handle it. It seems very unstable, sometimes I'm not able to login. Do you have any experience here?
Logged
cookiemonster
Hero Member
Posts: 1823
Karma: 95
Re: Vlan / HTPC / Cisco G200 no access
«
Reply #13 on:
November 22, 2023, 10:57:51 pm »
Sorry, no. I went from DD-WRT to OPN. Never used tomato as router or Access Point.
Logged